Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest

[Kuppuswamy, Sathyanarayanan]

On 9/30/21 8:20 AM, Michael S. Tsirkin wrote:
> On Thu, Sep 30, 2021 at 08:18:18AM -0700, Kuppuswamy, Sathyanarayanan wrote:
> > On 9/30/21 6:36 AM, Dan Williams wrote:
> > > > And in particular, not all virtio drivers are hardened -
> > > > I think at this point blk and scsi drivers have been hardened - so
> > > > treating them all the same looks wrong.
> > > My understanding was that they have been audited, Sathya?
> >
> > Yes, AFAIK, it has been audited. Andi also submitted some patches
> > related to it. Andi, can you confirm.
> >
> > We also authorize the virtio at PCI ID level. And currently we allow
> > console, block and net virtio PCI devices.
> >
> > { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_NET) },
> > { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_BLOCK) },
> > { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_CONSOLE) },
>
> Presumably modern IDs should be allowed too?

You mean IDs in range 104x right? If yes, we also allow them for above
mentioned types.

>

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer